New XDR solution from Sophos synchronizes endpoint, server, firewall and email security. Sophos XDR extends next-generation security solutions with new EDR functions, creating a comprehensive, integrated threat detection and response system.
Today Sophos introduces its new solution, Sophos XDR. It is the only Extended Detection and Response (XDR) solution in the industry that synchronizes endpoint, server, firewall and email security. With this comprehensive and integrated approach, Sophos XDR offers a holistic overview of a company's security environment, combined with an extensive data set and in-depth analysis options for detecting and investigating cyber threats, together with appropriate response measures. In this way, even the most sophisticated attacks can be fended off, especially those that use multiple access points and initially move inconspicuously through the network to avoid detection.
Detailed threat analysis
The heart of Sophos XDR is one of the most extensive data sets in the industry: up to 90 days of data held on the device, plus up to 30 days of cross-product data stored in the cloud-based data lake. This combination of on-device and data lake forensics provides comprehensive, contextual insights. Security analysts can use them via Sophos Central and open application programming interfaces (APIs), which allow integration with Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Professional Service Automation (PSA) and Remote Monitoring and Management (RMM) systems.
The data lake contains critical information from Intercept X, Intercept X for Server, Sophos Firewall and Sophos Email. Sophos Cloud Optix and Sophos Mobile will also feed into the data collection later this year. Security and IT teams can easily access this data to conduct cross-product threat investigations and quickly obtain granular details on past and current attack activity. Because historical data remains accessible even when a device is offline, investigations are also not blocked by lost or compromised devices.
New EDR version
Sophos has also released a new version of its industry-leading endpoint detection and response solution, Sophos EDR. New scheduled queries and customizable contextual pivoting functions let security analysts and IT administrators identify and investigate security problems quickly and precisely, so that they can respond in a fast and targeted way. Thanks to the integration with the data science tool SophosLabs Intelix, the new version provides preconfigured queries and powerful threat intelligence functions. Sophos EDR customers can access data in the cloud-hosted data lake for seven days (expandable to 30 days), and on-device data for up to 90 days.
Sophos Adaptive Cybersecurity Ecosystem
Sophos XDR and EDR are part of the Sophos Adaptive Cybersecurity Ecosystem (ACE), a new, open security architecture for optimizing threat prevention, detection and response. Sophos ACE leverages automation and analysis as well as the collective input of Sophos products, partners, customers, developers and other security providers. The result is protection that improves continuously, because the system is constantly learning and evolving. Sophos ACE builds on an extensive collection of data and correlates actionable insights from Sophos solutions and services with threat intelligence from SophosLabs, Sophos AI and the Sophos Managed Threat Response team. Open application programming interfaces (APIs) enable customers, partners and developers to create tools and solutions that interact with the system and take advantage of existing integrations. Sophos is leading the industry with this approach and is already working with many vendors.
Learn from data collections
The importance of an interconnected IT security system built on as many data sets as possible becomes clear in the new Sophos study "Intervention halts a ProxyLogon-enabled attack", which describes an attack on a large company. The attack began with the attackers compromising an Exchange server using the ProxyLogon exploit and then moving unnoticed through the network. Over a period of two weeks, they were able to steal account credentials, compromise domain controllers and establish a foothold on multiple computers. They used a commercial remote access tool to maintain access to the compromised computers and to distribute a number of malicious programs. The study shows that the attackers kept coming back, sometimes with the same tool, such as Cobalt Strike, and sometimes with other tools on different computers. They relied on a commercial remote access program rather than the more common RDP that IT security professionals typically look for.
Survey: 54 percent of IT managers need help
Dan Schiappa, Chief Product Officer at Sophos: “The report highlights the complexity of human cyberattacks and shows how difficult it is for IT security teams to track and contain multi-level, multi-vector incidents. Oftentimes, it is simply impossible to keep up with the attack activity that has been occurring in all parts of the organization. According to the Sophos State of Ransomware report published at the end of April, this problem is widespread. More than 54 percent of the IT managers surveyed said that cyber attacks are too advanced for their IT teams to deal with on their own. XDR is an important defense component here.”
More at Sophos.com
About Sophos
More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions and security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.